Security Pro Midterm 2
Which of the following encryption methods combines a random value with plain text to produce cipher text? O Steganography O Elliptic curve O One-time pad O Transposition
One-time pad
Which of the following is not an example of a physical barrier access control mechanism? O Fences O Mantrap O One-time passwords O Biometric locks
One-time passwords
When a malicious user captures authentication traffic and replays it against the network later, what is the security problem you are most concerned about?
An unauthorized user gaining access to sensitive resources
What is the average number of times that a specific risk is likely to be realized in a single year? ● Estimated maximum downtime ● Annualized rate of occurrence ● Exposure factor ● Annualized loss expectancy
Annualized rate of occurrence
Which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components? O Soda acid O Carbon dioxide (C02) O Dry powder O Water-based
Carbon dioxide (C02)
Which of the following defines two-man control? ● For any task in which vulnerabilities exist, steps within the tasks are assigned to different positions with different management. ● An employee is granted the minimum privileges required to perform the position's duties. ● Certain tasks should be dual-custody in nature to prevent a security breach. ● A situation in which multiple employees conspire to commit fraud or theft.
Certain tasks should be dual-custody in nature to prevent a security breach.
You have been asked to draft a document related to evidence-gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this? O CPS (certificate practice statement) O Chain of custody O Flps_140 O Rules of eh.qdence
Chain of custody
What is the most important element related to evidence in addition to the evidence itself? O Completeness O Witness testimony O Chain of custody document O Photographs of the crime scene
Chain of custody document
You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device? ● Change management ● SLA ● Acceptable use ● Resource allocation
Change management
You are concerned that wireless access points may have been deployed within your organization without authorization. What should you do? (Select two. Each response is a complete solution.)
Check the MAC addresses of devices connected to your wired switch Conduct a site survey
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
Circuit-level
Which of the following fire extinguisher types is best used for the electrical fires that might result when working with computer components? O Class A O Class B O Class C O Class D
Class C
A code of ethics does all but which of the following? ● Establishes a baseline for managing complex situations ● Serves as a reference for the creation of acceptable use policies ● Improves the professionalism of your organization as well as your profession ● Clearly defines courses of action to take when a complex issue is encountered
Clearly defines courses of action to take when a complex issue is encountered
How does IPSec NAP enforcement differ from other NAP enforcement methods?
Clients must be issued a valid certificate before a connection to the private network is allowed
When designing a firewall, what is the recommended approach for opening and closing ports?
Close all ports; open only ports required by applications inside the DMZ.
Which of the following reduce the risk of a threat agent being able to exploit a vulnerability? O Secure data transmissions O Implementation of VLANs O Countermeasures O Manageable neüvork plans
Countermeasures
How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence? O Enable write protection O Write a log file to the media O Create a checksum using a hashing algorithm O Reset the file attributes on the media to read-only
Create a checksum using a hashing algorithm
As you go through the process of making your network more manageable, you discover that employees in the sales department are on the same neüvork segment as the human resources department. Which of the following steps can be used to isolate these departments? ● Create a separate VLAN for each department ● Identify the choke points in your network ● Implement the principle of least privilege for the human resources department ● Move the sales department into the DMZ
Create a separate VLAN for each department
Which of the following is an example of privilege escalation? O Mandatory vacations O Principle of least privilege O Separation of duties O Creeping privileges
Creeping privileges
Which of the following is not a protection against collusion? ● Principle of least privilege ● Two-man control ● Separation of duties ● Cross-training
Cross-training
You would like to control Internet access based on users, time of day, and websites visited. How can you do this?
Install a proxy server. Allow Internet access only through the proxy server.
You walk by the server room and notice that a fire has started. What should you do first? O Grab a fire extinguisher and try to put out the fire. O Turn on the overhead sprinklers. O Call the fire department. O Make sure everyone has cleared the area.
Make sure everyone has cleared the area.
Which of the following is a form of denial of service attack that uses spoofed ICMP packets to flood a victim with echo requests using a bounce/amplification network?
Smurf
Which of the following common network monitoring or diagnostic activities can be used as a passive malicious attack?
Sniffing
In which phase of the system life cycle is software testing performed? ● Functional design analysis and planning ● System design specifications ● Software development and coding ● Installation
Software development and coding
What is modified in the most common form of spoofing on a typical IP packet?
Source address
Which of the following social engineering attacks use Voice over IP (VolP) to gain sensitive information? ● Spear phishing ● Masquerading ● Vishing ● Tailgating
Vishing
Which of the following offers the weakest form of encryption for an 802.11 wireless network?
WEP
Which of the following wireless security methods uses a common shared key configured on the wireless access point and all wireless clients?
WEP, WPA Personal, and WPA2 Personal
Which of the following are true about Wi-Fi Protected Access 2 (WPA2)? (Select two.)
WPA2 uses AES for encryption and CBC-MAC for data integrity. Upgrading from a network using WEP typically requires installing new hardware.
You are concerned about sniffing attacks on your wireless network. Which of the following implementations offers the best countermeasure to sniffing?
WPA2 with AES
A senior executive reports that she received a suspicious email concerning a sensitive internal project that is behind production. The email was sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. Which type of an attack best describes the scenario? ● MAC spoofing ● Whaling ● Passive ● Masquerading
Whaling
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below. You've hired a third-party security consultant to review your organization's security measures. She has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement closed-circuit TV (CCTV) surveillance cameras to prevent this from happening in the future. Click on the office locations where surveillance cameras would be most appropriate.
*Click on lobby entrance & networking closet*
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below. You've hired a third-party security consultant to review your organization's security measures. She has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you provide employees with access badges and implement access badge readers to prevent this from happening in the future. Click on the office locations where access badge readers would be most appropriate.
*Click on lobby entrance & networking closet*
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below. You've hired a third-party security consultant to review your organization's security measures. She has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement mantraps to prevent this from happening in the future. Click on the office location where a mantrap would be most appropriate.
*Click on lobby entrance*
Which of the following is not one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server?
169.254.0.0 - 169.254.255.255
You have conducted a risk analysis to protect a key company asset. You identify the following values: • Asset value = 400 • Exposure factor = 75 • Annualized Rate of Occurrence = .25 What is the Single Loss Expectancy (SLE)? ● 100 ● 300 ● 475 ● 30000
300
What is the recommended humidity level for server rooms? O 10% or lower O 30% O 50% O 70% or higher
50%
You want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions? O 500 resolution, 50mm, .05 LUX O 500 resolution, 50mm, 2 LUX O 400 resolution, 10mm, 2 LUX O 400 resolution, 10mm, .05 LUX
500 resolution, 50mm, .05 LUX
You have conducted a risk analysis to protect a key company asset. You identify the following values: • Asset value = 400 • Exposure factor = 75 • Annualized rate of occurrence What is the Annualized Loss Expectancy (ALE)? ● 25 ● 75 ● 100 ● 175 ● 475
75
WiMAX is an implementation of which IEEE committee?
802.16
Which of the following specifications identify security that can be added to wireless networks? (Select two.)
802.1x 802.11i
You need to configure a wireless network. You want to use WPA2 Enterprise. Which of the following components will be part of your design? (Select two.)
802.1x AES encryption
Which of the following describes a man-in-the-middle attack?
A false server intercepts communications from a client by impersonating the intended server.
Which of the following is the best definition of the term hacker? O A threat actor who lacks skills and sophistication but wants to impress their friends or garner attention. O Any individual whose attacks are politically motivated. O The most organized, well-funded, and dangerous type of threat actor. O A threat actor whose main goal is financial gain. O A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.
A general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization.
What is a service level agreement (SLA)? ● A contract with a legal entity to limit your asset loss liability ● A guarantee of a specific level of service ● A contract with an ISP for a specific level of bandwidth ● An agreement to support another company in the event of a disaster
A guarantee of a specific level of service
Which of the following is an example of a vulnerability? O Unauthorized access to confidential resources O A misconfigured server O Virus infection O Denial of servÄce attack
A misconfigured server
Which of the following is an example of an internal threat? O A server back door allows an attacker on the internet to gain access to the intranet site. O A water pipe in the server room breaks. O A delivery man is able to walk into a controlled area and steal a laptop. O A user accidentally deletes the new product designs.
A user accidentally deletes the new product design
Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees. What should you do to help reduce problems? O Add a de-humidifier to the server room O Add line conditioners in the server room O Add a humidifier to the server room O Add a separate A/C unit in the server room
Add a separate A/C unit in the server room
You are designing a wireless network implementation for a small business. The business deals with sensitive customer information, so data emanation must be reduced as much as possible. The floor plan of the office is shown below. Match each type of access point antenna on the left with the appropriate location on the floor plan on the right. Each antenna type can be used once, more than once, or not at all.
A= Directional B= Directional C=Omnidirectional D= Directional E= Directional F= Directional G= Directional
A SYN attack or SYN flood exploits or alters which element of the TCP three-way handshake?
ACK
Which of the following does a router acting as a firewall use to control which packets are forwarded or dropped?
ACL
Which of the following are typically used for encrypting data on a wireless network? (Select two.)
AES TKIP
Which of the following attacks tries to associate an incorrect MAC address with a known IP address?
ARP poisoning
You are the office manager of a small financial credit business. Your company handles personal financial information for clients seeking small loans over the internet. You are aware of your obligation to secure clients records. Budget is an issue for your company. Which item would provide the best security for this situation?
All-in-one security appliance
Which of the following best describes the ping of death?
An ICMP packet that is larger than 65,536 bytes
Which of the following describes how access lists can be used to improve network security?
An access list filters traffic based on the IP header information such as source or destination IP address, protocol, or socket numbers.
Which of the following best describes an //evil twin//?
An access point that is configured to mimic a valid access point to obtain logon credentials and other sensitive information.
Identify and label the following attacks by dragging the term on the left to the definition on the right. Not all terms are used. ● Vishing ● Piggybacking ● Spam ● Phishing ● Whaling ● Spear phishing ● Masquerading ● Spim ● Tailgating
An attacker convinces personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access. ● Masquerading An attacker pretending to be from a trusted organization sends emails to senior executives and high-profile personnel asking them to verify personal information or send money. ● Whaling Attackers use Voice over IP (VolP) to pretend to be from a trusted organization and ask victims to verify personal information or send money. ● Vishing Attackers send emails with specific information about the victim (such as which online banks they use) that ask them to verify personal information or send money. ● Spear phishing Attackers send unwanted and unsolicited text messages to many people with the intent to sell products or services. ● Spim
You are investigating the use of website and URL content filtering to prevent users from visiting certain websites. Which benefits are the result of implementing this technology in your organization? (Choose two.)
An increase in bandwidth availability Enforcement of the organization's internet usage policy
What is the primary countermeasure to social engineering? ● Traffic filters ● Awareness ● Heavy management oversight ● A written security policy
Awareness
In business continuity planning, what is the primary focus of the scope? ● Company assets ● Human life and safety ● Recovery time objective ● Business processes
Business Processes
Which of the following is the correct definition of a threat? O Absence or weakness of a safeguard that could be exploited O Any potential danger to the confidentiality, integrity, or availability of information or systems O Instance of exposure to losses from an attacker O The likelihood of an attack taking advantage of a vulnerability
Any potential danger to the confidentiality, integrity, or availability of information or systems
How often should change control management be implemented? ● Only when changes are made that affect senior management. ● Only when a production system is altered greatly. ● At regular intervals throughout the year. ● Any time a production system is altered.
Any time a production system is altered.
Which of the following firewall types can be a proxy between servers and clients? (Select two.)
Application layer firewall Circuit proxy filtering firewall
You provide internet access for a local school. You want to control Internet access based on user, and prevent access to specific URLs. Which type of firewall should you install?
Application level
Match the application-aware network device on the right with the appropriate description on the left. Each description may be used once, more than once, or not at all.
Application-aware proxy: - Improves application performance Application-aware firewall: - Enforces security rules based on the application that is generating network traffic instead of the traditional port and protocol Application-aware IDS: - Analyzes network packets to detect malicious payloads targeted at application-layer services
What are the most common network traffic packets captured and used in a replay attack?
Authentication
The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering? ● Commitment ● Persuasive ● Authority ● Social validation
Authority
After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take? O Back up all logs and audits regarding the incident O Deploy new countermeasures O update the security policy O Restore and repair any damage
Back up all logs and audits regarding the incident
Which of the following is an important aspect of evidence gathering? O Monitoring user access to compromised systems O Restoring damaged data from backup media O Backing up all log files and audit trails O Purging transaction logs
Backing up all log files and audit trails
Which of the following terms describes a network device that is exposed to attacks and has been hardened against those attacks?
Bastion or sacrificial host
When duplicating a drive for forensic investigation purposes, which of the following copying methods is most appropriate? O Active sector cloning O Bit-level cloning O Drive mirroring O File by-file copying
Bit-level cloning
Which of the following sends unsolicited business cards and messages to a Bluetooth device?
Bluejacking
You are troubleshooting a wireless connectivity issue in a small office. You determine that the 2.4 GHz cordless phones used in the office are interfering with the wireless network transmissions. If the cordless phones are causing the interference, which of the following wireless standards could the network be using? (Select two.)
Bluetooth 802.11g
An attacker is conducting passive reconnaissance on a targeted company. Which of the following could he be doing?
Browsing the organization's website
As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan? ● Redefine all roles and responsibilities ● Obtain senior management approval ● Perform new awareness sessions ● Collect and destroy all old plan copies
Collect and destroy all old plan copies
An attacker is using an eavesdropping technique called Van Eck phreaking on a networking closet. Which of the following describes what the attacker is doing? O Connecting to an open switch port O Connecting to an open Ethernet port O Collecting electronic emissions O Capturing data transmissions
Collecting electronic emissions
Match each third-party integration phase on the left With the tasks that need to be completed during that phase on the right. Each phase may be used once, more than once, or not at all. ● Onboarding ● Off-boarding ● Ongoing operations
Communicate vulnerability assessment findings with the other party ● Ongoing operations Disable VPN configurations that allow partner access to your network ● Off-boarding Compare your organization's security policies with the partner's policies ● Onboarding Disable the domain trust relationship between networks ● Off-boarding Identify how privacy will be protected ● Onboarding Draft an ISA ● Onboarding Conduct regular security audits ● Ongoing operations
As the victim of a Smurf attack, what protection measure is the most effective during the attack?
Communicate with your upstream provider
In a NAP system, which is the function of the System Health Validator?
Compare the statement of health submitted by the client to the health requirements
Need to know access is required to access which types of resources? O High-security resources O Low-security resources O Resources with unique ownership O Compartmentalized resources
Compartmentalized resources
Match the employment process on the left with the task that should occur during each process on the right. Each process may be used once, more than once, or not at all. ● Pre-employment ● Employment ● Termination
Conduct role-based training ● Employment Verify an individual's job history ● Pre-employment Show individuals how to protect sensitive information ● Employment Disable a user's account ● Termination Remind individuals of NDA agreements ● Termination Obtain an individual's credit history ● Pre-employment
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security risks is most pressing? O Non-repudiation O Availability O Confidentiality O Integrity
Confidentiality
By definition, which security concept ensures that only authorized parties can access data? O Non-repudiation O Integrity O Authentication O Confidentiality
Confidentiality
Smart phones with cameras and internet capabilities pose a risk to which security concept? O Confidentiality O Non-repudiation O Integrity O Availability
Confidentiality
You have hired 10 new temporary workers who will be with the company for three months. You want to make sure that after that time the user accounts cannot be used for login. What should you do? ● Configure day/time restrictions in the user accounts ● Configure account policies in Group Policy ● Configure account lockout in Group Policy ● Configure account expiration in the user accounts
Configure account expiration in the user accounts
One of the ways attackers can access unencrypted data being transmitted on your network is by collecting electronic emissions that come from your networking closet or Ethernet cables. Which of the following is NOT a good solution to this problem? O Configure all data transmissions to be encrypted O Place your network closet inside a Faraday cage O Employing a protective distribution system, or PDS O Use Ethernet port locking devices
Configure all data transmissions to be encrypted
You are replacing a wired business network with an 802.1 lg wireless network. You currently use Active Directory on the company network as your directory service. The new wireless network will have multiple wireless access points. You want to use WPA2 on the network. What should you do to configure the wireless network? (Select two.)
Configure devices to run in infrastructure mode Install a RADIUS server and use 802.1x authentication
You are the wireless administrator for your organization. As the size of the organization has grown, you've decide to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. To do this, you need to configure a RADIUS server and RADIUS clients. You want the server and the clients to mutually authenticate with each other. What should you do? (Select two. Each response is a part of the complete solution.)
Configure the RADIUS server with a server certificate Configure all wireless access points with client certificates
A salesperson in your organization spends most of her time traveling between customer sites. After a customer visit, she must complete various managerial tasks, such as updating your organization's order database. Because she rarely comes back to your home office, she usually accesses the network from her notebook computer using Wi-Fi access provided by hotels, restaurants, and airports. Many of these locations provide unencrypted public Wi-Fi access, and you are concerned that sensitive data could be exposed. To remedy this situation, you decide to configure her notebook to use a VPN when accessing the home network over an open wireless connection. Which key steps should you take when implementing this configuration? (Select two.)
Configure the browser to send HTTPS requests through the VPN connection Configure the VPN connection to use IPSec
You need to configure the wireless network card to connect to your network at work. The connection should use a user name and password for authentication with AES encryption. What should you do?
Configure the connection to use WPA2-Enterprise.
You want to connect a laptop computer running Windows to a wireless network. The wireless network uses multiple access points and WPA2-Personal. You want to use the strongest authentication and encryption possible. SSID broadcast has been disabled. What should you do?
Configure the connection with a pre-shared key and AES encryption.
You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic? O Configure the network interface to use protocol analysis mode O Configure the network interface to use promiscuous mode O Configure the netlvork intefface to use port mirroring mode O Configure the network interface to enable logging
Configure the network interface to use promiscuous mode
You have recently discovered that a network attack has compromised your database server. The attacker may have stolen customer credit card numbers. You have stopped the attack and implemented security measures to prevent the same incident from occurring in the future. What else might you be legally required to do? ● Implement training for employees who handle personal information ● Perform additional investigations to identify the attacker ● Contact your customers to let them know about the security breach ● Delete personally identifiable information from your computers
Contact your customers to let them know about the security breach
Which of the following prevents access based on website ratings and classifications?
Content Filter
Which of the following is not a valid concept to associate with integrity? O Prevent the unauthorized change of data O Protect your environment so it maintains the highest source of truth O Control access to resources to prevent unwanted access O Ensure that your systems record the real information when collecting data
Control access to resources to prevent unwanted access
Which of the following is the best protection against security violations? ● Defense in-depth ● Monolithic security ● Fortress mentality ● Bottom-up decision-making
Defense in-depth
To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used? ● Asset classification ● Sensitivity' vs. risk ● Delphi method ● Comparative
Delphi method
Which of the following is not an appropriate response to a risk discovered during a risk analysis? ● Denial ● Assignment ● Mitigation ● Acceptance
Denial
Which attack form either exploits a software flaw or floods a system with traffic in order to prevent legitimate activities or transactions from occurring?
Denial of service attack
Which of the following is not a protection against session hijacking?
DHCP reservations
Of the following security zones, which one can serve as a buffer network between a private secured network and the untrusted internet?
DMZ
While using the internet, you type the URL of one of your favorite sites in the browser. Instead of going to the correct site, however, the browser displays a completely different website. When you use the IP address of the web server, the correct site is displayed. Which type of attack has likely occurred?
DNS poisoning
Which of the following can be used to stop piggybacking at a front entrance where employees should swipe smart cards to gain entry? O Use weight scales O Deploy a mantrap O use key locks rather than electronic locks O Install security cameras
Deploy a mantrap
You are about to enter your office building through a back entrance. A man dressed as a plumber asks you to let him in so he can fix the restroom. What should you do? O Let him in. O Tell him no and quickly close the door. O Direct him to the front entrance and instruct him to check in with the receptionist. O Let him in and help him find the restroom, then let him work.
Direct him to the front entrance and instruct him to check in with the receptionist.
Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?
Disable Bluetooth on the phone
You've just installed a wireless access point (AP) for your organization's network. You know that the radio signals used by the AP extend beyond your organization's building and are concerned that unauthorized users outside may be able to access your internal network. What can you do to protect the wireless network? (Select two.)
Disable DHCP on the AP Configure the AP to filter out unauthorized MAC addresses
A customer has called and indicated that he thinks his neighbor is connecting to his wireless access point (AP) to use his high-speed internet connection. Which of the following will resolve this issue? (Select two.)
Disable SSID broadcast on the AP Implement MAC address filters
You are implementing a wireless in a dentist's office. The dentist's practice is small, so you choose to use an inexpensive consumer-grade access point. While reading the documentation, you notice that the access point supports Wi-Fi Protected Setup (WPS) using a PIN. You are concerned about the security Implications of this functionality. What should you do to reduce risk?
Disable WPS in the access point's configuration
When you inform an employee that they are being terminated, what is the most important activity? ● Allow them to collect their personal items ● Allow them to complete their current work projects ● Give them two weeks notice ● Disable their network access
Disable their network access
When you inform an employee that they are being terminated, what is the most important activity? ● Allowing them to complete their current work projects ● Giving them two weeks' notice ● Disabling their network access ● Allowing them to collect their personal items
Disabling their network access
During a recent site survey, you found a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence? O See who is connected to the access point and attempt to find the attacker O Disconnect the access point from the network O Run a packet sniffer to monitor traffic to and from the access point O Connect to the access point and examine its logs for information
Disconnect the access point from the network
Which of the following is not an element of the termination process? ● Dissolution of the NDA ● Exit interview ● Disable all network access ● Return company property
Dissolution of the NDA
The best way to initiate solid administrative control over an organization's employees is to have what element in place? ● An acceptable use policy ● Rotation of duties ● Distinct job descriptions ● Mandatory vacations in one-week increments
Distinct job descriptions
Which of the following is a common social engineering attack? ● Using a sniffer to capture network traffic ● Distributing hoax virus information emails ● Distributing false information about your organization's financial status ● Logging on with stolen credentials
Distributing hoax virus information emails
You are conducting a forensic investigation. The attack has been stopped. Which of the following actions should you perform first? O Turn off the system O Stop all running processes O Document what's on the screen O Remove the hard drive
Document what's on the screen
You want to connect your small company network to the internet. Your ISP provides with a single IP address that is to be shared between all hosts on your private network. You do not want external hosts to be able to initiate connection to internal hosts. What type of address translation (NAT) should you implement?
Dynamic
Which of the following statements about ESD is NOT correct? O ESD is much more likely to occur when the relative humidity is above 50%. O One of the greatest threats to computer equipment is ESD. O Measuring the moisture content in the air can be helpful in avoiding ESD. O ESD damage is more likely to occur in low humidity'.
ESD is much more likely to occur when the relative humidity is above 50%.
Which IPSec subprotocol provides data encryption?
ESP
Which step is required to configure a NAP on a Remote Desktop (RD) gateway server?
Edit the properties for the server and select *Request clients to send a statement of health*
Which of the following is not part of security awareness training? ● Establish reporting procedures for suspected security violations ● Familiarize employees with the security policy ● Communicate standards, procedures, and baselines that apply to the employee's job ● Employee agreement documents
Employee agreement documents
Physical security is an obvious requirement for network security, but it is often easy to overlook or forget to plan for it. Which of the following is NOT a benefit of physical security? O Network resources are safer from natural disasters. O Untrained employees cannot misuse equipment. O Sensitive data is protected from unauthorized access. O Employee passwords are stronger. O Terrorists cannot walk in off the street and change the network configuration.
Employee passwords are stronger.
Which of the following is the single greatest threat to network security? O Weak passwords O Employees O Email phishing O Insecure physical access to network resources
Employees
In addition to Authentication Header (AH), IPSec is comprised of what other service?
Encapsulating Security Payload (ESP)
Which of the following is not a valid example of steganography? O Digital watermarking O Hiding text messages within graphical images O Encrypting a data file with an encryption key O Microdots
Encrypting a data file with an encryption key
Network packet sniffing is often used to gain the information necessary to conduct more specific and detailed attacks. Which of the following is the best defense against packet sniffing?
Encryption
Which of the following features are supplied by WPA2 on a wireless network?
Encryption
Which type of data loss prevention system can be configured to block unauthorized email messages from being sent and, therefore, being subject to email retention rules? ● Network DLP ● Endpoint DLP ● File Level DLR ● Chinese Wall
Endpoint DLP
Your company is preparing to enter into a panner relationship with another organization. It will be necessary for the information systems used by each organization to connect and integrate with each other. Which of the following is of primary importance as you take steps to enter into this partner relationship? ● Identify how data ownership will be determined ● Ensure that all aspects of the relationship are agreed upon in writing ● Ensure that the integration process maintains the security of each organization's network ● Ensure that both organizations have similar incident response procedures
Ensure that the integration process maintains the security of each organization's network
Dumpster diving is a low-tech way to gathering information that may be useful in gaining unauthorized access or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving? ● Create a strong password policy ● Establish and enforce a document destruction policy ● Mandate the use of Integrated Windows Authentication ● Secure all terminals with screensaver passwords
Establish and enforce a document destruction policy
Change control should be used to oversee and manage changes over what aspect of an organization? ● Physical environment ● Every aspect ● Personnel and policies ● IT hardware and software
Every aspect
What is the goal of a TCP/IP hijacking attack?
Executing commands or accessing resources on a system the attacker does not otherwise have authorization to access.
What is the primary benefit of CCTV? O Expand the area visible by security guards O Increase security protection throughout an environment O Reduce the need for locks and sensors on doors O Provide a corrective control
Expand the area visible by security guards
You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control will the access list use? O Explicit allow, implicit deny O Implicit allow, explicit deny O Implicit allow, implicit deny O Explicit allow, explicit deny
Explicit allow, implicit deny
Which of the following is a privately controlled portion of a network that is accessible to some specific external entities?
Extranet
Which of the following is likely to be located in a DMZ?
FTP Server
Which of the following are functions of gateway email spam blockers? (Select two.)
Filters messages containing specific content Blocks email from specific senders
Which of the following is the best device to deploy to protect your private network from a public untrusted network?
Firewall
Which of the following are denial of service attacks? (Select two.)
Fraggle Smurf
Which of the following is a recommendation to use when a specific standard or procedure does not exist? ● Procedure ● Standard ● Baseline ● Guideline
Guideline
Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government? O Insider O Nation state O Competitor O Script kiddie O Hacktivist
Hacktivist
Match each physical security control on the left with an appropriate example of that control on the right. Each security control may be used once, more than once, or not at all. O Perimeter barrier O Door locks O Physical access control O Safety O Protected cable distribution
Hardened carrier O Protected cable distribution Biometric authentication O Door locks Barricades O Perimeter barrier Emergency escape plans O Safety Alarmed carrier O Protected cable distribution Anti-passback system O Physical access control Emergency lighting O Safety Exterior floodlights O Perimeter barrier
Which method can you use to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence? O Hashing O Photographs O Serial number notation O File directory listing
Hashing
When the TCP/IP session state is manipulated so that a third party is able to insert alternate packets into the communication stream, what type of attack has occurred?
Hijacking
You have been given laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from Internet-based attacks. Which solution should you use?
Host based firewall
Which of the following is the best countermeasure against man-in-the-middle attacks?
IPsec
Which of the following is not a form of social engineering? ● A virus hoax email message ● Impersonating a utility repair technician ● Impersonating a user by logging on with stolen credentials ● Impersonating a manager over the phone
Impersonating a user by logging on with stolen credentials
The owner of a hotel has contracted with you to implement a wireless network to provide internet access for guests. The owner has asked that you implement security controls so that only paying guests are allowed to use the wireless network. She wants guests ta be presented with a login page when they initially connect to the wireless network. After entering a code provided by the concierge at check-in, guests should then be allowed full access to the Internet. If a user does not provide the correct code, they should not be allowed to access the Internet. What should you do?
Implement a captive portal
To keep your data center safe, pu have done the following: • Restricted physical access to employees who strictly need to get in the data center. • Required employees to enter a password using a pin pad to enter the data center. • Deployed a Faraday cage to keep sensitive network devices safe from external electrical fields. Which of the following measures will NOT improve physical security in the data center? O Implement a checkout policy. O Set up video surveillance in the data center. O Grant employee access to hardware on a need to know basis. O Place all sewers in secured cabinets.
Implement a checkout policy.
You are an IT consultant. You are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: • When you enter the facility, a receptionist greets pu and escorts you through a locked door to the work area, where the office manager sits. • The office manager informs pu that the organization's servers are kept in a locked closet. An access card is required to enter the server closet. • She informs you that sewer backups are configured to run each night. A rotation of tapes are used as the backup media. • You notice the organization's network switch is kept in the server closet. • You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. • The office manager informs pu that her desktop system will no longer boot and asks you to repair or replace it, recovering as much data as possible in the process. You take the workstation back to your office to work on it. What security-related recommendations should you make to this client? O Replace the tape drive used for backups with external USB hard disks. O Keep the network infrastructure devices (switch and all-in-one device) in a locked room separate from network servers. O Implement a hardware checkout policy. O Upgrade the server closet lock to a biometric authentication system.
Implement a hardware checkout policy.
Over the last several years, the use of mobile devices within your organization has increased dramatically. Unfortunately, many department heads circumvented your information systems procurement policies and directly purchased tablets and smartphones for their employees without authorization. As a result, there is a proliferation of devices within your organization without accountability. You need to get things under control and begin tracking your organization's devices. How should you do this? ● Require users to sign an acceptable use policy before allowing them to use mobile devices for work-related tasks. ● Implement a mobile device management (MOM) solution. ● Implement a mobile endpoint management (MEM) solution. ● Apply security-related Group Policy settings to the devices using a Group Policy object. ● Join the devices to your organization's domain.
Implement a mobile endpoint management (MEM) solution.
The IT manager in your organization proposes taking steps to protect against a potential threat actor. The proposal includes the following: • Create and follow onboarding and off-boarding procedures • Employ the principle of least privilege • Have appropriate physical security controls in place Which type of threat actor do these steps guard against? O Script Kiddie O Competitor O Hacktivist O Insider
Insider
As you help a user with a computer problem, pu notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required: • Minimum password length = 10 • Minimum password age = 4 • Maximum password age = 30 • Password history = 6 • Require complex passwords that include numbers and symbols • Account lockout clipping level = 3 Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down? ● Remove the complex password requirement ● Decrease the minimum password length ● Increase the account lockout clipping level ● Implement end-user training ● Increase the maximum password age
Implement end-user training
An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone who is not on the list? O Explicit allow O Explicit deny O Implicit deny O Implicit allow
Implicit deny
Over the last month, pu have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment? ● Reduce all employee permissions and privileges ● Improve and hold new awareness sessions ● Terminate all offenders ● Initiate stronger auditing
Improve and hold new awareness sessions
Which of the following is not a benefit of NAT?
Improving the throughput rate of traffic
Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.) O Policies, Procedures, and Awareness O Perimeter O Host O Data
Includes OS hardening, patch management, malware, and password attacks: O Host Includes how to manage employee onboarding and off-boarding: O Policies, Procedures, and Awareness Includes cryptography and secure transmissions: O Data Includes user education and manageable network plans: O Policies, Procedures, and Awareness Includes firewalls using ACLs and securing the wireless network: O Perimeter
Drag the security layer on the left to the appropriate description on the right. (Security layers may be used once, more than once, or not at all.) O Physical O Network O Host O Application
Includes fences, door locks, mantraps, turnstiles, device locks, and server cages: O Physical Includes each individual workstation, laptop, and mobile device: O Host Includes authentication and authorization, user management, and group policies: O Application Includes cameras, motion detectors, and even environmental controls: O Physical Includes implementation of VLANs, penetration testing, and the utilization of virtualization: O Network
What is the primary purpose of imposing software lifecycle management concepts? ● Increase interoperability ● Reduce product returns ● Decrease development overhead ● Increase the quality of software
Increase the quality of software
Which of the following is the most effective protection against IP packet spoofing on a private network?
Ingress and egress filters
Your computer system is a participant in an asymmetric cryptography system. You've created a message to send to another user. Before transmission, you hash the message and encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity' provide? O Integrity O Availability O Non-repudiation O Confidentiality
Integrity
A user calls to report that she is experiencing intermittent problems while accessing the wireless from her laptop computer. While she normally works from her office, today she is trying to access the wireless network from a conference room across the hall and next to the elevator. What is the most likely cause of her connectivity problem?
Interference is affecting the wireless signal.
You are concerned that the accountant in your organization might have the chance to modify' financial information and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which security principle are you implementing by periodically shifting accounting responsibilities? O Separation of duties O Least privilege O Need to know O Explicit deny O Job rotation
Job rotation
A script kiddie is a threat actor who lacks knowledge and sophistication. Script kiddie attacks often seek to exploit well-known vulnerabilities in systems. What is the best defense against script kiddie attacks? O Properly secure and store data backups. O Build a comprehensive security' approach that uses all aspects of threat prevention and protection. O Implement email filtering systems. O Have appropriate physical security controls in place. O Keep systems up to-date and use standard security practices.
Keep systems up to-date and use standard security practices.
Which of the following is not an accepted countermeasure to strengthen a cryptosystem? ● Implement long key spaces ● Keep the cryptosystem a secret ● Implement strong systems with redundant encipherment ● use strong passwords
Keep the cryptosystem a secret
Which of the following is the most important thing to do to prevent console access to the router? O Keep the router in a locked room O Set console and enable secret passwords O Disconnect the console cable when not in use O Implement an access list to prevent console connections
Keep the router in a locked room
Which VPN protocol typically employs IPSec as its data encryption mechanism?
L2TP
PPTP (Point-to-Point Tunneling Protocol) is quickly becoming obsolete because of which VPN protocol?
L2TP (Layer 2 Tunneling Protocol)
A SYN packet is received by a server. The SYN packet has the exact same address for both the sender and receiver addresses, which is the address of the server. This is an example of what type of attack?
Land attack
When a SYN flood is altered so that the SYN packets are spoofed in order to define the source and destination address as a single victim IP address, the attack is now called what?
Land attack
In a cryptographic system, what properties should the initialization vector have? (Select two.) ☐ Large ☐ Unpredictable ☐ Predictable ☐ Shon ☐ Uniform
Large Unpredictable
You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first? O Fire the employee who uses the computer O Make a bit-level copy of the disk O Obtain a search warrant O Run forensic tools to examine the hard drive contents
Make a bit-level copy of the disk
Which of the following is a security approach that combines multiple security controls and defenses and is sometime called defense in depth? O Perimeter security O Layered security O Countermeasure security O Network security O Cumulative security
Layered security
The chain of custody is used for which purposes? O Listing people coming into contact with evidence O Detailing the timeline between creation and discovery of evidence O Retaining evidence integrity O Identifying the owner of the evidence
Listing people coming into contact with evidence
Which of the following tools would you use to simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email? O Protocol analyzer O Throughput tester O Load tester O Packet sniffer
Load tester
Which of the following controls is an example of a physical access control method? O Passwords O Smart cards O Locks on doors O Hiring background checks O Access control lists with permissions
Locks on doors
Which of the following do switches and wireless access points use to control access through the device?
MAC address filtering
Which of the following features on a wireless network allows or rejects client connections based on the hardware address?
MAC address filtering
What is the primary goal of business continuity planning? ● Minimize decision-making during the development process ● Protecting an organization from major computer services failure ● Maintaining business operations with reduced or restricted infrastructure capabilities or resources ● Minimizing the organization's risk of service delays and interruptions
Maintaining business operations with reduced or restricted infrastructure capabilities or resources
What is another name for a back door that was accidentally left in a product by the manufacturer? ● Trojan horse ● Maintenance hook ● Security patch ● Root kit
Maintenance hook
What encryption method is used by WPA for wireless networks?
TKIP
Match each Manageable Network Plan milestone on the left with the tasks that are associated with that milestone on the right. Each milestone may be used once, more than once, or not at all. ● Prepare to Document ● Protect Your Network ● Map Your Network ● Reach Your Network
Make sure that remote access connections are secure ● Reach Your Network Create a list of all protocols being used on the network ● Map Your Network Identify the choke points on the network ● Protect Your Network Use timestamps on all documents ● Prepare to Document Create a list of all devices ● Map Your Network
Capturing packets as they travel from one host to another with the intent of altering the contents of the packets is a form of which attack type?
Man-in-the-middle attack
When recovering from a disaster, which services should you stabilize first? ● Outside communications ● Mission-critical ● Financial support ● Least business-critical
Mission-critical
Most mobile device management (MOM) systems can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right, from most accurate to least accurate. ● Wi-Fi triangulation ● Cell phone tower triangulation ● IP address resolution ● GPS
Most accurate ● GPS More accurate ● Wi-Fi triangulation Less accurate ● Cell phone tower triangulation Least accurate ● IP address resolution
You need to place a wireless access point in your building. While trying avoid interference, which of the following is the best location for the access point?
On the top floor
Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches are installed. Which solution should you use?
NAC
Which of the following networking devices or services prevents the use of IPSec in most cases?
NAT
An attacker has hidden an NFC reader behind an NFC-based kiosk in an airport. The attacker uses the device to capture NFC data in transit between end user devices and the reader in the kiosk. She then uses that information to masquerade as the original end user device and establish an NFC connection to the kiosk. What kind of attack has occurred in this scenario?
NFC relay attack
Which of the following locations contributes the greatest amount of interference for a wireless access point? (Select two.)
Near cordless phones Near backup generators
Which of the following principles is implemented in a mandatory access control model to determine object access by classification level? O Ownership O Clearance O Separation of duties O Least privilege O Need to know
Need to know
If an organization shows suffcient due care, which burden is eliminated in the event of a security breach? ● Negligence ● Investigation ● Asset loss ● Liability
Negligence
Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies? ● Chinese Wall ● File Level DLR ● Network DLP ● Endpoint DLP
Network DLP
Your organization's security policy requires you to restrict network access to allow only clients that have their firewall enabled. Which of the following is a collection of components that would allow you to meet this requirement?
Network access protection
You manage a small network at work. Users use workstations connected to your network No portable computers are allowed. As part of your security plan, you would like to implement scanning of e-mails for all users. You want to scan the e- mails and prevent any e-mails with malicious attachments from being received by users. Your solution should minimize administration, allowing you to centrally manage the scan settings. Which solution should you use?
Network based firewall
Your company has a connection to the internet that allows users to access the internet. You also have a web server and an email server that you want to make available to internet users. You want to create a DMZ for these two servers. Which type of device should you use to create the DMZ?
Network-based firewall
When is a BCP or DRP design and development actually completed? ● Only after testing and drilling ● Once senior management approves ● Only after implementation and distribution ● Never
Never
Which of the following is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's confidential information? ● Employee monitoring agreement ● Non-disclosure agreement ● Acceptable use agreement ● Non-compete agreement
Non-disclosure agreement
By definition, which security concept uses the ability to prove that a sender sent an encrypted message? O Authentication O Non-repudiation O Integrity O Privacy
Non-repudiation
Which type of active scan turns off all flags in a TCP header?
Null
You want to use CCTV to increase your physical security. You want the ability to remotely control the camera position. Which camera type should you choose? O Dome O PTZ O Bullet O C-mount
PTZ
Which of the following is a firewall function?
Packet filtering
What is the weakest point in an organization's security infrastructure? ● Physical structure ● Procedures ● People ● Technology
People
You have discovered a computer that is connected to your network and was used for an attack. You have disconnected the computer from the network to isolate it and stop the attack. What should pu do next? O Make a hash of the hard drive O Clone the hard drive O Stop all running processes O Perform a memory dump
Perform a memory dump
An attacker uses an exploit to push a modified hosts file to client systems. This hosts file redirects traffic from legitimate tax preparation sites to malicious sites to gather personal and financial information. What kind of exploit has been used in this scenario? (Choose two. Both responses are different names for the same exploit.)
Pharming DNS poisoning
Which of the following attacks tricks victims into providing confidential information (such as identity information or login credentials) through emails or websites that impersonate an online entity that the victim trusts? ● Session hijacking ● Phishing ● Man-in-the-middle ● Adware
Phishing
Match the social engineering description on the left with the appropriate attack type on the right. ● An attacker searches through an organization's trash looking for sensitive information. ● An attacker pretending to be from a trusted organization sends an email asking users to access a website to verify personal information. ● An attacker gathers personal information about the target individual in an organization. ● An attacker enters a secured building by following an authorized employee through a secure door without providing identification. ● An attacker gathers personal information about the target individual, who is a CEO. ● An attacker uses a telephone to convince target individuals to reveal their credit card information.
Phishing ● An attacker pretending to be from a trusted organization sends an email asking users to access a website to verify personal information. Whaling ● An attacker gathers personal information about the target individual, who is a CEO. Spear phishing ● An attacker gathers personal information about the target individual in an organization. Dumpster diving ● An attacker searches through an organization's trash looking for sensitive information. Piggybacking ● An attacker enters a secured building by following an authorized employee through a secure door without providing identification Vishing ● An attacker uses a telephone to convince target individuals to reveal their credit card information.
Which of the following denial of service (DOS) attacks uses ICMP packets and is only successful if the victim has less bandwidth than the attacker?
Ping flood
Which of the following recommendations should you follow when placing access points to provide wireless access for users within your company building?
Place access points above where most clients are.
What is the best definition of a security incident? O Interruption of productivity O Compromise of the CIA of resources O Violation of a security policy O Criminal activity
Violation of a security policy
You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into server components and affecting network availability. Which of the following should you implement? O Negative pressure system O Line conditioner O Backup generator O Positive pressure system O UPS
Positive pressure system
You have a small wireless network that uses multiple access points. The network uses WPA and broadcasts the SSID. WPA2 is not supported by the wireless access points. You want to connect a laptop computer to the wireless network. Which of the following parameters will you need to configure on the laptop? (Select two.)
Pre-shared key TKIP encryption
What is the primary purpose of separation of duties? O Prevent conflicts of interest O Grant a greater range of control to senior management O Inform managers that they are not trusted O Increase the difficulty of performing administration
Prevent conflicts of interest
Separation of duties is an example of which type of access control? O Preventive O Detective O Compensative O Corrective
Preventive
Drag the web threat protection method on the left to the correct definition on the right.
Prevents users from visiting malicious [Web threat filtering] Prevents outside attempts to access confidential information [Anti-phishing software] Identifies and disposes of infected content [Virus blockers] Prevents unwanted email from reaching your network [Gateway email spam blockers] Prevents users from visiting restricted websites [URL content filtering]
You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with? O Job rotation O Need to know O Principle of least privilege O Cross-training
Principle of least privilege
HIPAA is a set of federal regulations that define securiti guidelines. What do HIPAA guidelines protect? ● Availability ● Integrity ● Privacy ● Non-repudiation
Privacy
In which phase of the system life cycle is a security integrated into the product? ● Software Development ● Project Initiation ● Maintenance ● Installation
Project Initiation
You want to examine the data on your network to find out if any of the following are happening: • Users are connecting to unauthorized websites • Cleartext passwords are allowed by protocols or services • Unencrypted traffic that contains sensitive data is on the network Which of the following tools would you use? O System logging O Throughput tester O Protocol analyzer O Load tester
Protocol analyzer
What is the most effective way to improve or enforce security in any environment? ● Enforcing account lockout ● Disabling Internet access ● Providing user-awareness training ● Requiring two-factor authentication
Providing user-awareness training
You have used firewalls to create a demilitarized zone. You have a web server that needs to be accessible to internet users. The web server must communicate with a database server for retrieving product, customer, and order information. How should you place devices on the network to best protect the servers? (Select two.)
Put the database server on the private network. Put the web server inside the DMZ.
You want to implement 802.1x authentication on your wireless network. Which of the following will be required?
RADIUS
Which of the following best describes the concept of due care or due diligence? ● Reasonable precautions based on industry best practices are utilized and documented. ● Availability supersedes security unless physical harm is likely. ● Security through obscurity is best accomplished by port stealthing. ● Legal disclaimers are consistently and conspicuously displayed on all systems.
Reasonable precautions based on industry best practices are utilized and documented.
You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices are able to connect to your rän.'ork. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download. Which of the following components will be part of your solution? (Select two.)
Remediation servers 802.1x authentication
A smart phone was lost at the airport. There is no way to recover the device. Which if the following will ensure data confidentiality on the device? ● Remote wipe ● Screen lock ● GPS ● TPM
Remote wipe
Match each Manageable Neüork Plan milestone on the left with the tasks that are associated with that milestone on the right. Each milestone may be used once, more than once, or not at all. ● Control Your Network ● Protect Your Network ● Manage Your Network ● Reach Your Network
Remove insecure protocols ● Reach Your Network Implement the principle of least privilege ● Control Your Network Segregate and isolate networks ● Protect Your Network Establish an update management process ● Manage Your Network Establish a baseline for all systems ● Manage Your Network
Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called? ● Risk ● Loss ● Residual risk ● Exposure
Residual risk
You are implementing security at a local high school that is concerned with students accessing inappropriate material on the internet from the library's computers. The students Will use the computers to search the internet for research paper content. The school budget is limited. Which content filtering option would you choose?
Restrict content based on content categories
Your company security policy states that wireless are not to be used because of the potential security risk they present to your network. One day, you find that an employee has connected a wireless access point to the in his office. What type of security risk is this?
Rogue Access Point
Which of the following is used on a wireless network to identify the network name?
SSID
You have physically added a wireless access point to your network and installed a wireless networking card in laptops that run Windows. Neither laptop can find the network. You have come to the conclusion that you must manually configure the wireless access point (AP). Which of the following values uniquely identifies the network AP?
SSID
Which of the following wireless network protection methods prevents the wireless network name from being broadcast?
SSID broadcast
Which type of media preparation is sufficient for media that will be reused in a different security contexts within your organization? O Formatting O Deletion O Sanitization O Destruction
Sanitization
Which of the following mobile device security considerations disables the ability to use the device after a short period of inactivity? ● TPM ● Remote wipe ● GPS ● Screen lock
Screen lock
Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution? O Need to know O Principle of least privilege O Dual administrator accounts O Separation of duties
Separation of duties
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which security principle should you implement to accomplish this goal? O Job rotation O Least privilege O Mandatory vacations O Implicit deny O Separation of duties
Separation of duties
Which of the following is defined as a contract that prescribes the technical support or business parameters a provider will bestow to its client? ● Final audit report ● Mutual aid agreement ● Service level agreement ● Certificate practice statement
Service level agreement
Match the wireless networking security standard on the left to its associated characteristics on the right. Each standard can be used more than once.
Short initialization vector makes key vulnerable. [WEP] Uses AES for encryption. [WPA2] Uses RC4 for encryption. [WEP] Uses TKIP for encryption. [WPA] Uses CBC-MAC for data integrity. [WPA2] Uses CCMP for key rotation. [WPA2]
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent data extraction from the discs? ● Write junk data over the discs seven times ● Degauss the disks ● Delete the data on the discs ● Shred the disks
Shred the disks
Match each Interoperability Agreement document on the left with the appropriate description on the right. Each document may be used once, more than once, or not at all. ● BPO ● SLA ● MOU ● ISA
Specifies exactly which services will be performed by each party ● SLA Creates an agreement with a vendor to provide services on an ongoing basis ● BPO Summarizes which party is responsible for performing specific tasks ● MOU Documents how the networks will be connected ● ISA Defines how disputes will be managed ● SLA Specifies a preset discounted pricing structure ● BPO
A router on the border of your network detects a packet with a source address that is from an internal client, but the packet was received on the internet-facing interface. This is an example of what form of attack?
Spoofing
Which type of activity changes or falsifies information in order to mislead or re-direct traffic?
Spoofing
Which of the following are characteristics of a circuit-level gateway? (Select two.)
Stateful Filters based on sessions
Which of the following are characteristics of a packet filtering firewall? (Select two.)
Stateless Filters IP address and port
You are the administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you With five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the Inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers?
Static
You have a small network at home that is connected to the internet. On your home network, you have a server with the IP address of 192.168.55. lgg/16. You have a Single public address that IS shared by all hosts on your private network. You want to configure the sewer as a web server and allow internet hosts to contact the server to browse a personal website. What should use to allow access?
Static NAT
Match the general attack strategy on the left with the appropriate description on the right. (Each attack strategy may be used once, more than once, or not all.) O Reconnaissance O Breaching O Escalating privileges O Staging O Exploitation
Stealing information: O Exploitation Preparing a computer to perform additional tasks in the attack: O Staging Crashing systems: O Exploitation Gathering system hardware information: O Reconnaissance Penetrating system defenses to gain unauthorized access: O Breaching Configuring additional rights to do more than breach the system: O Escalating Privileges
Which is the cryptography mechanism that hides secret communications within various forms of data? O Codes O Signals O Polyinstantiation O Steganography
Steganography
Which of the following program writing development modes is a method that allows for optimal control over coherence, security, accuracy, and comprehensibility? ● Clean room ● Waterfall planning ● Object-oriented programming ● Structured programming
Structured programming
A VPN is primarily used for what purpose?
Support secured communications over an untrusted network
What is the primary use of tunneling?
Supporting private traffic through a public communication medium
Which of the following is the LEAST effective power loss protection for computer systems? O Backup power generator O Uninterruptible power supply O Secondary power source O Surge protector
Surge protector
You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuo Plan (BCP) with two other database professionals. Which type of BCP test is this considered? ● Succession planning ● Complex exercise ● Tabletop exercise ● Medium exercise
Tabletop exercise
In which of the following denial of service (DoS) attacks does the victim's system rebuild invalid UDP packets, causing the system to crash or reboot?
Teardrop
Which of the following is the main difference between a DOS attack and a DDoS attack?
The DDoS attack uses zombie computers.
A malicious user in your organization was able to use the Trinity Rescue Kit to change the password on a department manager's computer in the finance department. The user was able to copy data containing bank account information and social security numbers. The user then destroyed the data by resetting the computer. The department manager was at lunch at the time and had enabled the lock screen to require a password to gain access to the computer. Which additional measure should the manager have taken to prevent data theft? O The data should have been backed up so it could be restored after it was destroyed. O The sensitive data on the computer should have been encrypted. O The computer should have been kept in a physically secure location. O The computer should have been bolted to the desk.
The computer should have been kept in a physically secure location.
Match the general defense methodology on the left with the appropriate description on the right. (Each methodology may be used once, more than once, or not all.) O Layering O Principle of least privilege O Variety O Randomness O Simplicity
The constant change in personal habits and passwords to prevent anticipated events and exploitation: O Randomness Diversifying layers of defense: O Variety Giving users only the access they need to do their job and nothing more: O Principle of least privilege Implementing multiple security measures to protect the same asset: O Layering Eliminating single points of failure: O Layering Giving groups only the access they need to do their job and nothing more: O Principle of least privilege
Which of the following are not reasons to remote wipe a mobile device? ● The device is stolen or lost. ● The device is locked and someone has entered multiple incorrect passwords or PINs. ● The device is inactive for a period of time. ● The device is being assigned to another user.
The device is inactive for a period of time.
Which statement best describes IPSec when used in tunnel mode?
The entire data packet, including headers, is encapsulated
Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept? ● The system administrator configures remote access privileges and the security officer reviews and activates each account. ● Every change to the default system image requires concurrent processing by multiple domain controllers. ● Security policy authors may never fraternize with system administration personnel. ● Only the security officer can implement new border router rule sets.
The system administrator configures remote access privileges and the security officer reviews and activates each account.
You are the wireless administrator for your organization. As the size of the organization has grown, you've decide to upgrade your wireless network to use 802.1x authentication instead of pre-shared keys. You've decided to use LEAP to authenticate wireless clients. To do this, you configured a Cisco RADIUS server and installed the necessary Cisco client software on each RADIUS client. Which of the following is true concerning this implementation?
The system is vulnerable because LEAP is susceptible to dictionary attacks
You suspect that an Xmas tree attack is occurring on a system. Which of the following could result if you do not stop the attack? (Select two.)
The system will be unavailable to respond to legitimate requests. The threat agent will obtain information about open ports on the system.
Which of the following best defines Single Loss Expectancy (SLE)? ● The monetary value of a single employee's loss of productivity due to a successful attack ● The statistical probability of a malicious event ● The total monetary loss associated with a single occurrence of a threat ● The total cost of all countermeasures associated with protecting against a given vulnerability
The total monetary loss associated with a single occurrence of a threat
Your organization uses an 802.1 lg wireless network. Recently, other tenants installed the following equipment in your building: • A wireless television distribution system running at 2.4 GHz • A wireless phone system running at 5.8 GHz • A wireless phone system running at goo MHz • An 802.1 In wireless network running in the 5 GHz frequency range Since this equipment was installed, your wireless has been experiencing significant interference. Which system is to blame?
The wireless TV system
When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated? ● Multiply the Single Loss Expectancy (SLE) by the standard annual deviation. ● Divide the static variable by the probability index. ● Multiply the Single Loss Expectancy (SLE) by the Annual Loss Expectancy (ALE). ● Through historical data provided by insurance companies and crime statistics.
Through historical data provided by insurance companies and crime statistics.
Which of the following tools would you use to validate the bandwidth on your network and identify when the bandwidth is significantly below what it should be? O Packet Sniffer O Protocol analyzer O Throughput Tester O Load Tester
Throughput Tester
What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year? ● To cut costs on travel ● To prevent the buildup of significant vacation time ● To test their knowledge of security ● To check for evidence of fraud
To check for evidence of fraud
What is the primary purpose of source code escrow? ● To obtain change rights over software after the vendor goes out of business ● To obtain resale rights over software after the vendor goes out of business ● To provide a backup copy of software to use for recovery in the event of a disaster ● To hold funds in reserve for unpredicted costs before paying the fees of the programmer
To obtain change rights over software after the vendor goes out of business
Purchasing insurance is what type of response to risk? ● Transference ● Deployment of a countermeasure ● Acceptance ● Rejection
Transference
Which type of cipher changes the position of the characters in a plain text message? O Substitution O Transposition O Steam O Block
Transposition
Which option is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment while actively preventing re-entrance through the exit portal? O Electronic access control doors O Egress mantraps O Locked doors with interior unlock push bars O Turnstiles
Turnstiles
What is the greatest threat to the confidentiality of data in most secure organizations? O USB devices O Operator error O Hacker intrusion O Malware
USB Devices
Which of the following is a valid security measure to protect email from viruses?
Use blockers on email gateways
Your company has five salesmen who work out of the office and frequently leave their laptops laying on their desks in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns? O Encrypt all company data on the hard drives O Require strong passwords in the local security policy O Implement screen saver passwords O use cable locks to chain the laptops to the desks
Use cable locks to chain the laptops to the desks
You have a company network that is connected to the internet. You want all users to have internet access, but you need to protect your private network and users. You also need to make a web server publicly available to internet users. Which solution should you use?
Use firewalls to create a DMZ. Place the web server inside the DMZ and the private network behind the DMZ.
You have installed antivirus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she installed some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should pu add to your security measures to help prevent this from happening again? ● Close unused firewall ports ● Account lockout ● User awareness training ● Proxy server
User awareness training
Which is the best countermeasure for someone attempting to view your network traffic?
VPN
A group of salesmen would like to access your private network through the internet while they are traveling. You want to control access to the private network through a single server. Which solution should you implement?
VPN concentrator
Which of the following CCTV camera types lets you adjust the distance that the camera can see ( in other words, zoom in or out)? O Varifocal O Infrared O C-mount O Fixed
Varifocal
Which of the following is an action that must take place during the release stage of the SDLC? ● Testing of the software for bugs. ● The product goes into major production and is developed by programmers. ● Vendors develop and release patches in response to exploited vulnerabilities that have been discovered. ● Certification, accreditation, and auditing are performed.
Vendors develop and release patches in response to exploited vulnerabilities that have been discovered.
Which of the following are true of a circuit proxy filter firewall? (Select two.)
Verifies sequencing of session packets. Operates at the Session layer.
You have just received a generic-looking email that is addressed as coming from the administrator of your company. The email says that, as part of a system upgrade, you are to go to a website and enter your user name and password at a new website so you can manage your email and spam using the new service. What should you do? ● Open a web browser and type the URL included in the email. Follow the directions to enter pur login credentials. ● Click on the link in the email and look for company graphics or information before entering the login information. ● Delete the email. ● Click on the link in the email and follow the directions to enter your login information. ● Verify that the email was sent by the administrator and that this new service is legitimate.
Verify that the email was sent by the administrator and that this new service is legitimate.
You've just received an email message explaining that a new and serious malicious code threat is ravaging across the internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a Victim of this threat by the presence of three files in the folder. As a countermeasure, the message suggests that you delete these three files from your system. In response to this message, which action should you take first? ● Reboot the system ● Distribute the message to everyone in your address book ● Delete the indicated files if present ● Verify the information on well-known malicious code threat management websites ● Perform a complete system backup
Verify the information on well-known malicious code threat management websites
Which of the following best describes //bluesnarfing?//
Viewing calendar, emails, and messages on a mobile device without authorization
When would choosing to do nothing about an identified risk be acceptable? ● When the cost of protecting the asset is greater than the potential loss ● When the threat is most likely to come from an internal source instead of an external source ● When the threat is likely to occur less than once per year ● When the asset is an intangible asset instead of a tangible asset
When the cost of protecting the asset is greater than the potential loss
In which of the following situations would you most likely implement a demilitarized zone (DMZ)?
You want to protect a public web server from attack.
Match the malicious interference type on the right with the appropriate characteristic on the left. Each characteristic can be used once, more than once, or not at all.
[Spark Jamming] Repeatedly blasts receiving equipment with high-intensity, short-duration RF bursts at a rapid pace [Random Noise Jamming] Produces RF signals using random amplitudes and frequencies [Random Pulse Jamming] Uses radio signal pulses of random amplitude and frequency
Which of the following is an example of a strong password? ● Robert694 ● atgiov45a ● desktop#7 ● a8bT11$yi
a8bT11$yi
You need to enumerate the devices on your network and display the network's configuration details. Which of the following utilities should you use?
nmap
When a cryptographic system is used to protect the data confidentiality, what actually takes place? O Transmitting the encrypted data is prohibited O The data is available for access whenever authorized users need it O The data is protected from corruption or change O unauthorized users are prevented from viewing or accessing the resource
unauthorized users are prevented from viewing or accessing the resource
Which of the following accurately describes what a protocol analyzer is used for? (Select two.) ☐ A device that does not allow you to capture, modify, and retransmit frames (to perform an attack). ☐ A device that can simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of email. ☐ A device that measures the amount of data that can be transferred through a network or processed by a device. ☐ A passive device that is used to copy frames and allow you to view frame contents. ☐ A device that allows you to capture, modify, and retransmit frames (to perform an attack).
☐ A device that does not allow you to capture, modify, and retransmit frames (to perform an attack). ☐ A passive device that is used to copy frames and allow you to view frame contents.
Which of the following fire extinguisher types poses a safety risk to users in the area? (Select two.) ☐ CO2 ☐ Halon ☐ Foam ☐ Water
☐ CO2 ☐ Halon
You are an IT consultant. You are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: • When you enter the facility, a receptionist greets pu and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock. • The office manager informs pu that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet. • She informs you that server backups are configured to run each night. A rotation of external USB hard disks are used as the backup media. • You notice that the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace. • You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. Which security-related recommendations should you make to this client? (Select two.) ☐ Use separate dedicated network perimeter security devices instead of an all-in-one device ☐ Replace the key lock on the server closet with a card reader ☐ Replace the LISB hard disks used for server backups with a tape drive ☐ Control access to the work area with locking doors and card readers ☐ Relocate the switch to the locked server closet
☐ Control access to the work area with locking doors and card readers ☐ Relocate the switch to the locked server closet
Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry'? (Select two.) ☐ Double-entry door ☐ Turnstile ☐ PTZ CCTV ☐ Anti-passback system ☐ Mantrap
☐ Double-entry door ☐ Turnstile
Which of the following are solutions that address physical security? (Select two.) ☐ Implement complex passwords ☐ Escort visitors at all times ☐ Require identification and name badges for all employees ☐ Scan all floppy disks before use ☐ Disable guest accounts on computers
☐ Escort visitors at all times ☐ Require identification and name badges for all employees
Your networking closet contains your network routers, switches, bridges, and some servers. You want to make sure an attacker is not able to gain physical access to the equipment in the networking closet and prevent anyone from reconfiguring the network to set up remote access or backdoor access. Which of the following measures are the best way to secure your networking equipment from unauthorized physical access? (Select two. Each measure is part of a complete solution.) ☐ Place your networking equipment in a Faraday cage. ☐ Place your networking equipment in a locked cage. ☐ Place your networking equipment in a Van Eck cage. ☐ Place your networking equipment in a room that requires key card entry. ☐ Place your networking equipment in a TEMPEST cage.
☐ Place your networking equipment in a locked cage. ☐ Place your networking equipment in a room that requires key card entry.
Beside protecting a computer from under voltages, a typical UPS also performs which two actions? ☐ Prevents electric shock ☐ Prevents ESD ☐ Protects from over voltages ☐ Conditions the power signal
☐ Protects from over voltages ☐ Conditions the power signal
A Service Level Agreement (SLA) defines the relationship and contractual responsibilities of providers and service recipients. Which of the following characteristics are most important when designing an SLA? (Select two.) ☐ Clear and detailed descriptions of penalties if the level of service is not provided. ☐ Employee vetting procedures that don't apply to contract labor. ☐ Detailed provider responsibilities for all continuity and disaster recovery mechanisms. ☐ Industry standard templates for all SLAS to ensure corporate compliance.
☑ Clear and detailed descriptions of penalties if the level of service is not provided. ☑ Detailed provider responsibilities for all continuity and disaster recovery mechanisms.
Your organization entered into an Interoperability Agreement (IA) with another organization a year ago. As a part of this agreement, a federated trust was established between your domain and the partner domain. The partnership has been in the ongoing operations phase for almost nine months now. As a security administrator, which tasks should you complete during this phase? (Select two.) ☐ Negotiate the BP● agreement ☐ Draft an MOU document ☐ Disable user and groups accounts used by the partner organization to access your organization's data ☐ Conduct periodic vulnerability assessments ☐ Verify compliance with the IA documents
☑ Conduct periodic vulnerability assessments ☑ Verify compliance with the IA documents
Which of the following statements is true regarding risk analysis? (Select two.) ☐ Don't implement a countermeasure if the cost is greater than loss. ☐ Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year. ☐ Exposure factor is the percent of the asset lost from an unsuccessful threat attack. ☐ The value of an asset is the worth of a resource to the organization excluding qualitative values.
☑ Don't implement a countermeasure if the cost is greater than loss. ☑ Annualized Rate of Occurrence (ARO) identifies how often the successful threat attack will occur in a single year.
Which of the following are examples of social engineering? (Select two.) ☐ War dialing ☐ Dumpster diving ☐ Port scanning ☐ Shoulder surfing
☑ Dumpster diving ☑ Shoulder surfing
How can an organization help prevent social engineering attacks? (Select two.) ☐ Educate employees on the risks and countermeasures. ☐ Close all unneeded ports on firewalls. ☐ Publish and enforce clearly-written security policies. ☐ Implement IPsec on all critical systems.
☑ Educate employees on the risks and countermeasures. ☑ Publish and enforce clearly-written security policies.
You have recently been hired as the new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a Manageable Network plan for the network. You have already completed the first and second milestones, in which documentation procedures were identified and the network was mapped. You are now working on the third milestone, identifying ways to protect the network. Which tasks should you complete as a pan of this milestone? (Select two.) ☐ Create an approved application list for each network device ☐ Identify and document each user on the network ☐ Physically secure high-value systems ☐ Set account expiration dates ☐ Apply critical patches whenever they are released
☑ Identify and document each user on the network ☑ Physically secure high-value systems
Your organization is in the process of negotiating an Interoperability Agreement (IA) with another organization. As a part of this agreement, the partner organization proposes that a federated trust be established beüveen your domain and their domain. This configuration will allow users In their domain to access resources in your domain and vice versa. As a security' administrator, which tasks should pu complete during this phase? (Select two.) ☐ Identify how data will be shared. ☐ Verify compliance with the IA documents. ☐ Identify how data ownership will be determined. ☐ Conduct security audits on the partner organization. ☐ Reset all passwords used by the third party to access data or applications on your network.
☑ Identify how data will be shared. ☑ Identify how data ownership will be determined.
Your organization has recently purchased 20 tablet devices for the Human Resource department to use for training sessions. You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible. Which actions should you take? (Select two. Each response is a separate solution.) ☐ Configure a Group Policy object (GPO) containing mobile device-specific security settings. ☐ Join the devices to your organization's domain. ☐ Install the devices in your organization's directory services tree. ☐ Implement storage segmentation. ☐ Enable device encryption.
☑ Implement storage segmentation. ☑ Enable device encryption
Which of the following are typically associated with human resource security policies? (Select two.) ☐ Termination ☐ Background checks ☐ Change management ☐ Password policies ☐ SLA
☑ Termination ☑ Background checks